The Internet is a decentralised structure whose functioning depends on a series of complementary technical protocols, laws, and international regulations. As a result of this, its well-functioning entails negotiations among a variety of stakeholders, including those responsible for developing digital markets, policies, legal frameworks and technical standards. It is this shared responsibility among industry, citizens and governments that translates into what is called the multistakeholder approach – a model that enables relevant stakeholders to jointly engage in negotiations concerning principles, rules, norms and technical standards. This approach has characterized the global governance of the Internet since its early stages in the 1990s when the main challenge was the identification of a management solution for the Internet domain name system (DNS), in accordance with economic and policy priorities of governments and industry. In order to move the debate beyond the technical dimension of the Internet, the World Summit of Information Society (WSIS) was the first forum promoted by the United Nations in 2003 to launch international cooperation to establish a sustainable transnational governance model for the Internet, involving civil society, in addition to industry and governments. Of particular relevance, one of the key outcomes of the WSIS was the formalisation of multistakeholder inclusivity as a defining feature of the next two decades of Internet governance.

From Internet Governance to Cyber Diplomacy

Since then, the massive expansion of digital infrastructure, and markets, society and governments subsequent dependency on connectivity, has increased the exposure to cyber threats, and pushed cybersecurity to the centre of governments’ agenda. Some cyber threats are perceived as an attack on a state’s sovereignty, and approaches to cybersecurity include among other military responses. As a matter of national security, states are therefore increasingly taking control over the governance of cybersecurity, moving debates over safe and stable connectivity infrastructure ever more toward intergovernmental fora and bi-lateral agreements among governments. This multilateral approach defining cybersecurity initiatives is effectively a dialogue between states, largely excluding other stakeholders from decision-making processes. As a result, the multistakeholder model that enabled civil society and industry to play an active role in Internet governance next to state actors, are slowly either replaced or developing alongside and apart from cyber diplomacy dialogues, which are principally led by governmental actors. Along this line, the UN has formalized a multilateral approach to cybersecurity, specifically through the establishment of the UN Group of Governmental Experts (UNGGE) intended to “advance responsible State behaviour in cyberspace in the context of international security” (United Nations 2015). While the UN has announced the support of a multistakeholder approach to cybersecurity by inviting civil society and industry representatives to contribute to the UNGGE via the Open-Ended Working Group (OEWG), we have little evidence that these inputs will influence negotiations between the formal UNGGE members. At this point in time, we can conclude that given the relocation of states to the forefront of negotiations around norms, international law, and Internet governance models, the established format of multistakeholder governance has slowly been replaced by multilateral forms of negotiations. This transition represents a shift of narratives in international cooperation in the cyber domain, from Internet Governance as one of the key challenges of Global Governance, to Cyber Diplomacy where dialogue among states is by and large in line with state-based approaches adopted in the domain of international security.

New Internet geography and cyber capacity building

In order to strengthen a coherent and coordinated Cyber Diplomacy dialogue and avoid a fragmented approach in the domain of cybersecurity, it is crucial to take into consideration the fast-changing geography of the Internet, which is increasingly moving away from its original concentration in the global north. Today, more than the 50 per cent of the global Internet population lives in Asia, while North America and Europe only represent 8 per cent and 20 per cent of the Internet population, respectively.^[1] However, countries in the global south are expanding their connectivity infrastructure faster than their technical and policy capacity to deal with potential cyber threats. Given the expectations that by 2025, 75 per cent of the Internet population will be living in the global south,^[2] there is a significant need to develop a Cyber Diplomacy dialogue beyond the global north.

In this context, the development of global cybersecurity goes together with the launch of strategies aimed at supporting states in their efforts to develop cyber capacities, referred to “the diffusion of technical, governance and diplomatic skills among relevant stakeholders, in order to ensure the development of sustainable connectivity”.^[3] Examples of this such initiatives targeting the global south include the Global Forum of Cyber Expertise, which brings together governments, international organizations and industry engaged in cyber capacity building initiatives, and the formalization of an EU Cyber Capacity Building strategy with the release of the “Operational Guidance for the EU’s International Cooperation on Cyber Capacity Building” in 2018. These initiatives lend evidence to how the promotion of cyber capacity building initiatives is an emerging priority in state’s foreign policy to support countries in the global south to develop their competences and response capacities to cyber threats, but also to enhance their role in the Cyber Diplomacy dialogues by playing an active role in the negotiations of cybersecurity treaties in intergovernmental venues, such as the UN GGE.

In this critical juncture for global cybersecurity governance, it will be important to diversify participatory practices, and to ensure that transnational non-state actors and governments from the global south are included in core circles and debates. By expanding cyber capacity building efforts, we may enhance the prospects of an inclusive and robust governance model that will outlive the current securitization of cyber policies. 

NOTES:

[1] ITU defines as “Internet users” individuals that have accessed the Internet from any devices within the last 12 months. ITU Statistics “Global ICT developments 2001-2017”, available at: http://www.itu.int/ict/statistics

[2] Kleiner, B.D., Nicholas, P.J., Sullivan, K., 2014. Cyberspace 2025: today’s decisions, tomorrow’s terrain’. Microsoft, Redmond, WA.

[3] Calderaro, A., Craig, A., 2020. Transnational Governance of Cybersecurity: policy challenges and global inequalities in cyber capacity building. Third World Quarterly.